
The Federal Trade Commission today announced a broad crackdown on scareware scammers accused of using an ancient technology—the telephone—to trick thousands of unsuspecting victims into handing over full access to their Windows PCs. By cold-calling victims and claiming to be from companies like Microsoft, Dell, and McAfee, the scammers directed users to a harmless error log on their computers and told them it was a sign of a serious infection, the FTC said. The alleged scammers went on to charge anywhere between $49 and $450 to "fix" the consumers' computers.

At a press conference announcing six lawsuits filed in US District Court in New York, FTC Chairman Jon Leibowitz said at least 2,400 people—and probably many more—were tricked in this manner. The FTC believes such scams have cost consumers tens of millions of dollars worldwide.

Like a bad Bollywood movie

The FTC played a phone call between one of the defendants and a female victim, who was actually a "highly skilled FTC investigator" playing the role of a clueless computer user. The defendant has an Indian accent, but calls were generally spoofed to appear to be coming from US phone numbers.

Defendant: OK, so now what you need to do, madam, you need to scroll down the page very slowly, very carefully from your end, and you need to just pull it down and tell me if you can see anything else other than the blue color information over there or not. And if you see anything else over there, let me know.

FTC agent: OK. Hold on, I'm doing that.

Defendant: Very careful, all right.

FTC agent: [Pauses] Ummm, let's see. Oops! Hold on.

Defendant: Uh huh.

FTC agent: Umm, I see something that says "warning"? And something that says "error"?

Defendant: Jesus! Did you see some warnings?

FTC agent: Yeah it says…

Defendant: Hello?

FTC agent: Yeah it says "warning."

Defendant: Madam, it would be my humble request to you, please do not try to click on any of them, OK?

FTC agent: OK.

Defendant: And it would be my request that you keep your mouse pointed away from them, because they are the malicious online infections I was speaking about. Once you click on any of them your computer might even stop responding at any point in time. So be very careful, OK?

FTC agent: OK. I'm not touching the mouse!

Defendant: If you have already seen them this means your computer is also one of those computers which has been infected with the online infections, OK?

Leibowitz cut off the recording there, and said "At one level that's like a bad Bollywood movie. But at another level, that's a serious ripoff of consumers." Such scams have been going on for years, but the operations announced today were particularly widespread.

There were various methods the scammers used to get the users on the phone in the first place. In addition to cold-calling, one of the six defendants "purchased ads on Google, for search terms like McAfee, PC support, and fix MS Office, with pseudonyms and a toll-free number to call," Leibowitz said. The company, named PCCare247, allegedly paid Google more than $1 million for search ads going back to 2010. In one example, searching Google for "Contact McAfee Support" brought up the defendants' phone number and website.

Warning: Everything is working normally

The other five companies allegedly used "telemarketing boiler rooms" to make cold calls, including to people on the Do Not Call list. While mostly based in India, they targeted consumers in the US, Canada, Australia, Ireland, New Zealand, and the UK.

"Pretending to be affiliated with a major computer company, the defendants claimed to have received an automatic notification from the person's computer about a problem," Leibowitz said. "They used Voice over Internet Protocols to seem like they were calling from numbers in the consumer's country, sometimes in the same area code. They told their potential victims to go to their computer, look at a file that shows warning messages—actually these warning messages are just a standard part of the Windows operating system. The messages do not mean the computers are affected with viruses or any other malware."

The "warning messages" come from the Windows Event Viewer, which shows standard messages about the computer's operation. According to Microsoft, "an error is a significant problem, such as loss of data," while "a warning is an event that is not necessarily significant, but might indicate a possible future problem." Scammers allegedly lied to consumers, saying the messages meant hackers were in their computers, and even that their computers might "blow up."

The defendants are charged with "violating the FTC Act, which bars unfair and deceptive commercial practices, as well as the Telemarketing Sales Rule and with illegally calling numbers on the Do Not Call Registry," the FTC said. The FTC charged 14 corporate defendants and 17 individuals, and won a temporary restraining order to freeze $188,000 worth of assets and shut down their operations. This includes disabling Web hosting and phone service.

Microsoft and other computer companies helped the FTC in its investigation, as did authorities in Australia, Canada, and the UK. Canada and Australia also brought legal action against the defendants for violations of their Do Not Call laws.

The names of the corporate defendants charged by the FTC include Pecon Software, Finmaestros LLC, Zeal IT Solutions, Virtual PC Solutions, Lakshmi Infosoul Services, and PCCare247.

In the complaint against Pecon Software in India, the FTC said the scams have been going on since at least 2008. The complaint also describes how the scam unfolds after the users have been tricked into thinking their computers are infected. We quote at length:

Having convinced the consumers that their computers are in imminent danger, the Defendants then direct the consumers to a website and instruct them to enter a code or download a software application to allow the Defendants remote access to the consumers’ computers. Once the Defendants have remote access, they are able to completely control the consumers’ computers and can, for example, move the cursor, enter commands, run applications, and access stored information.

The Defendants then attempt to sell the consumer illusory long-term “security” or “technical support” services and perform unnecessary “repairs,” including installing otherwise free programs, such as trial versions of antivirus programs, and deleting the innocuous files they falsely claimed were viruses. The Defendants charge consumers for these services in an amount ranging from approximately $159 to $299.

The Defendants next direct the consumer to one of several websites they operate in order to pay for the computer security or technical support service. The Defendants’ websites are highly interactive. They purport to allow consumers to chat directly with representatives, leave their contact information to request a call-back, and also browse and pay for various services online. In numerous instances, the Defendants register their websites through privacy protection services that mask their true identity. As a result, consumers are unable to determine the true owner of the website or the fact that the same company operates multiple websites.

If consumers do not agree to pay for the service the Defendants typically apply pressure to the consumers. The Defendants will warn consumers about the harm that will come to their computers if they do not allow the Defendants remote access to fix the computers. Afterwards, the Defendants assert they have fixed the non-existent problems. In reality, Defendants merely charged consumers for repair products and services they did not need.

Tech-savvy Ars readers are unlikely to fall for such a scam. But if you have relatives and friends who lack the necessary dose of skepticism, and they receive unsolicited phone calls from people wanting to fix their computers, they should hang up and report the scam to the FTC or their PC security vendor.

While the scammers seem to just want money, Microsoft Director of Consumer Affairs Frank Torres said their tricks could easily be used for worse.

"What's worse is these scams not only cost victims money in terms of making consumers pay for something they don't really need, or that doesn't happen," Torres said. "But it could also compromise the security of their computers, leaving them vulnerable to malicious software and other attacks."

These have been going on like crazy in Australia for about three years. Everyone I know has received three or four calls "from Microsoft". Several family members who aren't tech-savvy have been scammed out of amounts between $50 and $300.

I decided to play along once, and they were surprisingly well-rehearsed. They asked me to open up event viewer, and asked me if I could see any errors. Of course there were some there - password authentication failures and the like.

They said these were critical issues, and had I been non-tech-savvy, the big red crosses would have probably been alarming - I would have thought "These technicians from Microsoft just called, and they knew I had these critical errors. It must be real".

At that point, they referred me to a technician, who would be willing to fix the errors for a "very small fee, we do this at cost price to keep your computer running well - it's a service offered by Microsoft". They asked for my credit card number and I just turned on Rick Astley and let them listen until they gave up.

I can seriously see how people fell for the scam. Some of the transcripts might be ridiculous, but the guy who called me was actually quite a professional con artist.

One of my clients fell for this scam. Unfortunately, he paid over $500 to the scammers. When he refused to pay any more, they actually locked the computer, told him he wouldn't be able to use his computer anymore, and hung up on him.

He brought the tower to me and when I booted Windows, it asked for a password before it even got to the login screen. I pulled the hard drive and ran several scans and wasn't able to find any malicious software, but I still couldn't get past that stupid password prompt. Safe mode still asked for it and so did the last known good configuration boot mode.

Finally, I pulled registry files from the Snapshot folder and replaced the ones in the Config folder. I hope this helps someone if they too are stuck with something like this.

Defendant: And it would be my request that you keep your mouse pointed away from them, because they are the malicious online infections I was speaking about

As the lone IT guy who supports a regional office, I'm so thinking how to work this into a support session right now. "Don't even let your mouse cursor anywhere near those icons, that stuff's contagious."

Quote:

Tech-savvy Ars readers are unlikely to fall for such a scam. But if you have relatives and friends who lack the necessary dose of skepticism,

Yep, I'll get them too....

Thanks for the article, it's mind boggling the lengths people will go to scam others. We really are a pathetic species sometimes.

I'm in Ireland; we get these callers at least a few times a week. It's really annoying, as they never play along when you are trying to annoy them. They'll usually just hang up if you attempt to deviate them from their script.

The best one though is when you say "I just have to put the phone down for a second" and leave it until they hang up.

However, my favorite is internet service providings, where a guy pranks the unsuspecting victim and tries to get them to switch internet service providings to a better internet service provider to provide better internet service providings.

Actually, what is surprising is how MANY such people exist, that fall for these tricks. I have an elderly mother and I thank God for Yahoo's (and GMail's) Spam folders - otherwise she would be living from one panic attack to another!

Exactly. Very few people would fall for this if it was for their bank account, but somehow because it involves computers their brains turn off.

Meh ... the Windows intro walk-through doesn't exactly go into detail about the Event Viewer. Computers are complicated, and social engineering works. The more complicated something is, the more someone really wants to believe a person is trying to help them with it. Not everyone can be a computer tech hobbyist (or professional), just as not everyone can be a rocket scientist, brain surgeon, daycare worker or artist.

Violating the FTC act? Charge them with fraud! Someone needs to send a clear message that corporate criminals are actually felons, not just overeager or monopolistic. When a company lies people should go to prison!

These guys kept calling. It seems that my Microsoft OS was sending error reports or somesuch. At first I told em I used Linux, after they kept calling I started calling them idiots (normally this would be an insult, but these guys were idiots) and told them to stop calling. After doing this a few times, they did stop calling.

My mother had people like these call her twice over a year. The first time they actually got her to install some software which I assumed would allow them remote access to her machine. Thankfully, not much later she called me with them on hold on the other line and I steered her away from it and got her machine back in working order without the potentially malicious software. They were pretty much pretending to be Norton Anti-Virus.

The second time was another cold call, about a year later, and this time my mother was ready for them. After running through the script to check certain "logs" on her "computer" (apparently through the web browser, heh), which my mom pretty much ignored but played along with, he eventually asked her to go to the start menu.

"What start menu?"

"The windows in the bottom left of your screen."

"Oh, I have an iPad."

"Very funny, ma'am." *click*

I had never been prouder of someone getting trolled than that moment. My mom learned well.

I have had one friend prank these guys for over an hour until they finally hung up on him. Another friend continues to receive these calls every few weeks. My family has had them call once or twice and my girlfriend has spoken to them once. I never get to deal with them... I'm disappointed.

Mom said that they got a call just like this about a year ago. Unfortunately (or not), dad picked up. He had trouble understanding the guy through his thick Indian accent, but dad finally figured out that he was talking about the computer. He suspected something, since it's usually off, but he hung up.

I got called by them. I played stupid and tried to follow their directions on a Linux box. After about fifteen minutes of playing with them I told them that I was with the FBI and was conducting a sting on telephone scammers. I asked for his full name and his manager's name. Then he hung up.

My parents, who are just entering their 60s, got one of these calls a while ago. My mom answered and when they started spouting nonsense about being from their internet provider and needing to log in to their PC, she told them "My husband handles all that, let me get him." She put the phone down for a minute and by the time my dad picked it up, they had already hung up.

Kudos to the FTC for taking these people down. They attempted to prey on my 70 year old father just a few months back. The technical details were beyond him but it didn't pass his version of the sniff test, so he hung up on them. I have a feeling that if they had called my stepmother, though, they might have roped her in.

I find it unfortunate how ignorant some of you people are. You accuse these people as being "gullible" and stupid yet it is you who have no comprehension of the plight of today's elderly (the main targets of these scams) who are increasingly being encouraged/required to use new technologies yet given little, if any, help before they get into trouble. Have you such a limited concept of human beings that you can't conceive of anyone that thinks differently than you do and as such may be quite innocently susceptible to problems that you find humorously simple to resolve? So often it is those who point and laugh that are the truly ignorant. Do you know what empathy is?

I've had one of these people call me at home claiming to be from the DNS.. yes the Domain Name System. I asked if he even knew what it was.

Haha, I had the same guy call me with the same TEXT. Since I do run many *nix servers, I played along and asked the guy, "Sure, which one?" Obviously this guy knew nothing about Linux and was not able to "assist me". I could not stop laughing over the phone, and he made my day.

However, I have assisted a few people that fell into this scam, part of my IT charity repairs. These people were simple people that know very little about computers.

This scam is actually much worse than described in this article. If anyone was not cooperating with the BlackHat IT on the other line after they were tricked into giving them access, they would delete key Windows files or create another mess in the user's system. I guess at that point they didn't care about key logging that victim, and just wanted to be malicious.

I work for a company that provides remote tech support for a U.S. ISP. I can honestly say that when I was just providing Internet help, getting their service online, I would get 4-5 calls from customers claiming they got this phone call. On average in an eight hour shift I would deal with between 40-50 people a day. So this is happening a lot. Now that I work in the department that actually fixes their computers, the number has gotten slower; they have to pay extra per month to get to me. I have heard people say they have gotten calls from Microsoft, Norton, Yahoo, Google, McAfee.

The sad part is that your little old grandmother, who barely knows how to send an email, will believe them. Not that they are stupid but rather because no one has told them differently. If they do not read about it in a newspaper or see it on the evening news, it might as well not exist. I have told every single person that has had this happen to them to tell all of their friends that it is a scam.

The next thing they need to take down is the "FBI Moneypack" virus people. That has been running rampant in the past couple of months. I have had a couple of people actually call the FBI concerned. I would hate to be the person in the FBI who has to answer those calls.

If there's one thing I would like to see come of this it is a concerted effort by Microsoft and software developers to completely revamp the event viewer. As a guy who gets asked to fix computers a lot, I frequently check the event viewer for clues as to what the problem is, and always always always come up empty handed. It's like there is some rule that you're not allowed to put useful information into a windows event or something, even really simple stuff like "I tried to access this file but it wasn't there!" or "I got a permission denied trying to do X".

Diagnostic messages like this are common in Unix land, and make fixing problems so much easier. Even if you don't know what the problem is, you can stick the error message into Google and get an answer most of the time.

Violating the FTC act? Charge them with fraud! Someone needs to send a clear message that corporate criminals are actually felons, not just overeager or monopolistic. When a company lies people should go to prison!

I've got 3 of these calls. All from India (sounds like it). The first call I ended quickly with some profanity. The second call I thought I'd spend as much of their time as I could. Talked well over 10 minutes and after that I told them I knew all along about the scam. We ended the call and exchanged profanity.

This made me feel bad, the guy/gal on the other end is probably working in some shitty call center and might not have much of an option. Third call I told the guy I felt sorry for him and that I wished that he would find another job. He ended the call with some unpleasant words.

Exactly. Very few people would fall for this if it was for their bank account, but somehow because it involves computers their brains turn off.

To many users the computer is a mystery box beyond their web-browser, a little fear of the unknown is all scammers need. I assume everyone has been ripped off due to lack of expertise in some area (car repair, home repair, etc.).

A year or two ago I got called by one of these scammers, but they did run something interesting. They asked me what version of Windows I was running. I decided to troll them. I said I don't have Windows. He then proceeded to ask if I used a Mac, to which I said no. Then asked if I used Linux, and I said no, I use a thin client that uses Plan 9 (a lie of course). The person I was talking to got very angry and told me to not waste his time and hung up.

I told everyone at work and we were quite surprised, whichever company running that scam had the big three on their scripts.

I find it unfortunate how ignorant some of you people are. You accuse these people as being "gullible" and stupid yet it is you who have no comprehension of the plight of today's elderly (the main targets of these scams) who are increasingly being encouraged/required to use new technologies yet given little, if any, help before they get into trouble. Have you such a limited concept of human beings that you can't conceive of anyone that thinks differently than you do and as such may be quite innocently susceptible to problems that you find humorously simple to resolve? So often it is those who point and laugh that are the truly ignorant. Do you know what empathy is?

Old people can learn to live in the real world just as easy as any of the rest of us. Hell, since most of them are retired, they have nothing but time to devote to learning more and improving their skills. It's what I'd do. Whether they want to, or not, isn't what's being argued. They have the ability to improve themselves, if they choose not to exercise it then they'll continue to be preyed upon.